3GPP TS V8.1.0 ( )


Technical Specification

3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Extensible Markup Language (XML) Configuration Access Protocol (XCAP) over the Ut interface for Manipulating Supplementary Services (Release 8)

The present document has been developed within the 3rd Generation Partnership Project ( TM ) and may be further elaborated for the purposes of. The present document has not been subject to any approval process by the Organizational Partners and shall not be implemented. This Specification is provided for future development work within only. The Organizational Partners accept no liability for any use of this Specification. Specifications and reports for implementation of the TM system should be obtained via the Organizational Partners' Publications Offices.

Foreword

This Technical Specification (TS) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) and originally published as ETSI TS [13]. It was transferred to the 3rd Generation Partnership Project () in January.

The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:

Version x.y.z

where:

x  the first digit:
   1  presented to TSG for information;
   2  presented to TSG for approval;
   3  or greater indicates TSG approved document under change control.
y  the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.
z  the third digit is incremented when editorial only changes have been incorporated in the document.

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the terms and definitions given in IETF RFC 4825 [8] apply.

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

AP     Authentication Proxy
AS     Application Server
AUID   Application Unique ID
HTTP   HyperText Transfer Protocol
ISDN   Integrated Services Digital Network
MIME   Multipurpose Internet Mail Extensions
NAF    Network Application Function
NGN    Next Generation Network
PSTN   Public Switched Telephone Network
TLS    Transport Layer Security
UE     User Equipment
URI    Uniform Resource Identifier
XCAP   XML Configuration Access Protocol
XML    Extensible Markup Language

4 Architecture for manipulating supplementary services settings

The protocol described in the present document allows manipulation of settings and variables that influence the execution of one or more supplementary services. Manipulation of the supplementary services takes place over the Ut interface (UE to AS), as shown in figure 1.

Figure 1: Ut interface (UE connected to the AS over Ut)

Manipulation of supplementary services does not usually take place during real-time operation. Typically users manipulate their services configuration data prior to the invocation and execution of the service.

Authentication of the user with HTTP may take place directly at the AS, such as in figure 1, or with the support of an Authentication Proxy, such as in figure 2. The architecture for authentication is provided in TS [6].

NOTE: The Network Application Function (NAF) can be an AS.

Figure 2: Authentication proxy in the Ut interface path (UE connected over Ut to the Authentication Proxy, which is connected over Ut to the AS)

5 The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)

5.1 Introduction

For the purpose of manipulating data stored in an application server the XML Configuration Access Protocol (XCAP) [8] is used. XCAP allows a client to read, write and modify application configuration data, stored in XML format on a server. XCAP maps XML document sub-trees and element attributes to HTTP URIs, so that these components can be directly accessed by HTTP (see RFC 2616 [1]). XCAP uses the HTTP methods PUT, GET, and DELETE to operate on XML documents stored in the server.

In the case of supplementary services, the data stored in a server is related to the execution of that given service. The present document defines a new XCAP Application Usage for the purpose of allowing a client to manipulate data related to supplementary services.

XCAP (see RFC 4825 [8]) defines two logical roles: XCAP client and XCAP server. An XCAP client is an HTTP/1.1 compliant client. Similarly, an XCAP server is an HTTP/1.1 compliant server. The XCAP server acts as a repository of XML documents that customize and modify the execution of the supplementary services.

Figure 3 depicts the XCAP architecture where an XCAP client sends an HTTP/1.1 request to an XCAP server. The server replies with an HTTP/1.1 response.

Figure 3: XCAP architecture (the XCAP client sends an HTTP request to the XCAP server; the XCAP server returns an HTTP response)

According to XCAP (see RFC 4825 [8]), each application that makes use of XCAP defines its own XCAP application usage. The present document defines a supplementary services XCAP application usage in clause 6. This application usage defines the XML schema (see W3C REC-xmlschema [2]) for the data used by the application, along with other key pieces of information.

XCAP focuses on the definition of XML documents that are compliant with the XML schema and constraints defined for a particular XCAP application usage. XCAP allows applications to provide XML documents that are common for all users or XML documents that affect the service of a given user.

Central to XCAP is the construction of the HTTP URI that points to a particular XML document or certain components of it. A component in an XML document can be an XML element, an attribute, or the value of it.

5.2 Functional entities

User Equipment (UE)

General

The UE implements the role of an XCAP client, as described in clause. For systems where Generic Authentication Architecture [6] is used, the UE shall support the authentication mechanisms specified in TS [6] and TS [5]. For systems where Generic Authentication Architecture [6] is not used, the UE shall support RFC 2617 [3] and RFC 2246 [4] according to ETSI TS [12].

On sending an HTTP request, the UE may indicate the user's identity intended to be used with the AS by adding an HTTP X--Intended-Identity header ( TS [5]) to the outgoing HTTP request.

Subscription for notification of state changes in XML document

In order to keep the supplementary services state synchronized with the network elements and other terminals that the user might be using, the UE should subscribe to changes in the XCAP simserv documents by generating a SUBSCRIBE request in accordance with draft-ietf-simple-xcap-diff [10] and draft-ietf-sipping-config-framework [11].

Authentication Proxy (AP)

Introduction

An Authentication Proxy is an HTTP/1.1 (RFC 2616 [1]) compliant server whose main purpose is to authenticate the user requests. The Authentication Proxy is used to separate the authentication procedure and the Application Server (AS) specific application logic into different logical entities.

The AP is configured as an HTTP reverse proxy, i.e. the FQDN of the AS is configured to the AP in such a way that the IP traffic intended for the AS is directed to the AP by the network. The AP performs the authentication of the UE. After the authentication procedure has been successfully completed, the AP assumes the typical role of a reverse proxy, i.e. the AP forwards HTTP requests originating from the UE to the correct AS, and returns the corresponding HTTP responses from the AS to the originating UE.

The AP allows authorized users to manipulate services when they are connected to an IMS network or when they are connected to a non-IMS network (e.g. the public Internet). Authentication details can differ in both situations. Provisioning of credentials to authenticate the user is outside the scope of the present document. TS [6] provides further architectural authentication details.

Authentication

General

On receiving an HTTP request, the AP shall first determine the mechanism used to authenticate the user. If the Generic Authentication Architecture [6] is used, the AP shall attempt to authenticate the user via the mechanisms specified in TS [6] and the AP shall follow the procedures indicated in clause. For systems where Generic Authentication Architecture TS [6] is not used, the AP shall attempt to authenticate the user according to RFC 2617 [3] and ETSI TS [12] provides guidelines for the Authentication Proxy.

Authentication based on the generic authentication architecture

On receiving an HTTP request that contains the Authorization header field, the AP shall:

a) use the value of the username parameter of the Authorization header field to authenticate the user;
b) apply the procedures specified in RFC 2617 [3] for authentication;
c) if the HTTP request contains an X--Intended-Identity header field ( TS [5]), then the AP may verify that the user identity belongs to the subscriber. This verification of the user identity shall be performed dependent on the subscriber's application specific or AP specific user security settings;
d) if authentication is successful, remove the Authorization header field from the HTTP request;
e) insert an HTTP X--Asserted-Identity header field ( TS [5]) that contains the asserted identity or a list of identities; and
f) forward the HTTP request to the appropriate AS.

On receiving an HTTP response for the previous request, the AP shall:

a) add an Authentication-Info header field in accordance with the procedures described in TS [6]; and
b) forward the response to the XCAP client.

On receiving an HTTP request that does not contain the Authorization header field, the AP shall:

a) challenge the user by generating a 401 Unauthorized response according to the procedures specified in TS [6] and RFC 2617 [3]; and
b) forward the 401 Unauthorized response to the sender of the HTTP request.

Void

Authorization

The AP shall be able to decide whether a particular subscriber, i.e. the UE, is authorized to access a particular AS. On doing so, the AP may use the User Security Settings specified in TS [5].

The AP may indicate an asserted identity or a list of identities to the AS by adding an HTTP X--Asserted-Identity header field to the HTTP requests prior to forwarding the request to the AS. In case of multiple identities, they shall be separated by comma (,) and each identity shall be surrounded by quotation marks ("). Whether the AP supports this handling of an asserted identity or a list of identities shall depend on local policy in the AP. In addition, the subscriber's application specific or AP specific user security settings may be considered.
The AP may indicate an authorization flag or a list of authorization flags from the application specific user security settings (USS) to the AS by adding an HTTP X--Authorization-Flags header field to the HTTP request prior to forwarding it to the XCAP server. The HTTP X--Authorization-Flags header field shall contain a list of authorization flags separated by comma (,) and each authorization flag is surrounded by quotation marks ("). Whether the AP supports this handling of authorization flags from USS shall depend on local policy in the AP.

Application Server (AS)

General

An Application Server implements the role of an XCAP server as described in clause. For systems where Generic Authentication Architecture [6] is used, the AS shall support the authentication mechanisms specified in TS [6] and TS [5]. For systems where Generic Authentication Architecture [6] is not used, the AS shall support RFC 2617 [3] and RFC 2246 [4] according to ETSI TS [12].

Authentication and authorization

General

If an Authentication Proxy (AP) is provided in the path of the HTTP request, then the AS receives an HTTP request from a trusted source (the AP) that contains an HTTP X--Asserted-Identity header ( TS [5]) which includes an asserted identity of the user. In this case the AS does not need to authenticate the user, but just provide authorization to access the requested resource.

If an HTTP X--Asserted-Identity header ( TS [5]) is not present in the HTTP request or if the request is received from a non-trusted source, then the AS needs to authenticate the user prior to providing authorization to the XCAP resource by applying the procedures of authentication mechanisms specified in TS [6] and TS [5] in case Generic Authentication Architecture is supported, or as described in clause otherwise.

HTTP digest authentication

On receiving an HTTP request that does not contain an Authorization header the AS shall:

a) challenge the user by generating a 401 Unauthorized response that contains the proper Digest authentication parameters (e.g. realm), according to RFC 2617 [3]. Provisioning of credentials to authenticate the user is outside the scope of the present document; and
b) forward the 401 Unauthorized response to the sender of the HTTP request.

On receiving an HTTP request that contains an Authorization header, the AS shall:

a) apply the authentication procedures defined in RFC 2617 [3]; and
b) authorize or deny authorization depending on the authenticated identity.

Subscription acceptance and notification of state changes in XML document

When the AS receives a SUBSCRIBE request having the Event header field value set to "ua-profile", the AS shall first authenticate the source of the SUBSCRIBE request and then perform authorization. Afterwards, the AS shall generate a response to the SUBSCRIBE request and notifications in accordance with draft-ietf-simple-xcap-diff [10] and draft-ietf-sipping-config-framework [11].

5.3 Roles

XCAP client

Introduction

The XCAP client is a logical function as defined in IETF RFC 4825 [8]. The XCAP client provides the means to manipulate the general data, such as configuration settings related to supplementary services.

NOTE: In order to be able to manipulate data stored on the XCAP server, the XCAP client needs to know the XCAP root directory on the XCAP server and the user's directory name. It is assumed that these values are pre-provisioned or the UE uses some means to discover them. Discovery mechanisms are outside the scope of the present document.

Manipulating supplementary services

When the XCAP client intends to manipulate a resource list, it shall generate an HTTP PUT, HTTP GET or HTTP DELETE request in accordance with IETF RFC 4825 [8] and the supplementary services application usage specified in clause.

XCAP server

Introduction

The XCAP server is a logical function as defined in IETF RFC 4825 [8]. The XCAP server can store data related to the configuration of supplementary services. The XCAP server shall provide or deny authorization to access XCAP resources by authenticated users.

Manipulation acceptance

When the XCAP server receives an HTTP PUT, HTTP GET or HTTP DELETE request for manipulating or fetching a resource list, the XCAP server shall first authenticate the request and then perform authorization. Clause provides more details on the authentication and authorization of HTTP requests. Afterwards the XCAP server shall perform the requested action and generate a response in accordance with IETF RFC 4825 [8] and the supplementary services application usage specified in clause 6.

6 Supplementary services XCAP application usage

6.1 Structure of the XML document

XCAP provides for the existence of application usages that define the conventions and constraints related to the manipulation of XML documents in an XCAP server. The present document defines a supplementary services XCAP application usage.

NOTE: Further releases can extend this application usage when deemed practical.

The present document follows a modular approach, as depicted in figure 4. We provide for the existence of a simservs XML document that contains the data associated with one or more supplementary services. The simservs XML document is composed of a common part, defined by the present document, and a number of XML fragments corresponding to each of the supplementary services.

This modular approach has significant advantages. In particular, it is versatile enough to allow any number of configurations. For example, in one configuration, an XCAP server might be managing a given server. In this case, the simservs XML document will contain one subtree per service. In another configuration, each service is managed in its own XCAP server, in which case the XML document in each XCAP server will contain the common parts and a single XML subtree that manages the service. In a third configuration, the XCAP server stores several XML documents, each document managing one or more services.

The XML schema for the simservs XML document, including the common parts, is specified in clause 6.3. This XML schema allows for each of the individual XML schemas pertaining to a particular service to import the common parts XML schema.

Each XML fragment affects the settings of a supplementary service (or group of services). The XML schema of each of the supplementary services is specified in its own specification. A template of the XML schema for a supplementary service is provided in subclause 6.4.

Figure 4: Structure of a supplementary services XML document (Common parts, Supplementary Service 1, Supplementary Service 2, ... Supplementary Service n)

The simservs XML document starts with a <simservs> root XML element that can contain one or more child elements pertaining to supplementary services. Each of these service elements can contain an "active" attribute that indicates whether the service is activated or not. When the "active" attribute is absent on a service element, it indicates that the service is activated. Elements and attributes from different namespaces can be present as well.

6.2 XCAP application usage

XCAP requires application usages to fulfil a number of steps in the definition of such application usage. The remainder of this clause specifies the required definitions of the supplementary services XCAP Application Usage.

Application Unique ID (AUID): Each XCAP application usage is associated with a unique name called the Application Unique ID (AUID). The AUID defined by this application usage falls into the vendor-proprietary namespace of XCAP AUID, where ETSI is considered a vendor. The AUID allocated to the supplementary services XCAP application usage is:

simservs.ngn.etsi.org

XML schema: Implementations in compliance with the present document shall implement the XML schema that includes the XML Schema defined in clause 6.3. Additionally, each supplementary service (or group of them) is modelled with an XML fragment that is validated according to a specific XML schema. The XML schema that affects the settings of the related service is specified in the specification of the given supplementary service. Clause 6.4 provides a template that shall be included in XML Schema that also includes the XML Schema defined in clause 6.3 along with inclusion of XML schema defined by each of the supplementary services that implement XML schemas for data manipulation.

Additionally, the schema in clause 6.3 contains the specification of a number of common service specific elements and types; the semantics and applicability of these elements are described in the service specifications that use them.

Default namespace: XCAP requires application usages to declare the default namespace. The default namespace of the supplementary services XCAP application usage is:

MIME type: The MIME type of supplementary services XML documents is:

application/simservs+xml

Validation constraints: The present document does not specify any additional constraint beyond those defined by XCAP RFC 4825 [8]. Note, however, that each of the supplementary services may specify additional constraints on each of the XML subdocuments.

Data semantics: The XML schema does not accept URIs that could be expressed as a relative URI reference causing a resolution problem. However, each of the supplementary services should consider if relative URIs are allowed in the subdocument tree, and in that case, they should indicate how to resolve relative URI references. In the absence of further indications, relative URI references should be resolved using the document URI as the base of the relative URI reference.

Naming conventions: By default, supplementary services XML documents are stored under the user's Home Directory (which is located under the "users" sub-tree). In order to facilitate the manipulation of a supplementary services XML document, we define a default XML file name:

simservs.xml

Resource interdependencies: The present document does not specify additional resource interdependency beyond those specified in the XML schema and beyond any resource interdependency that may be specified in each of the supplementary services.

Authorization policies: The default XCAP RFC 4825 [8] authorization policy is used in the application usage defined by the present document.

NOTE: The default policy indicates that the creator of the XML document is the one authorized to manipulate it.
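
The AS-side checks from clauses 5.2 and 6.2 (accept an asserted identity only from the AP, then apply the default policy to the users-tree document), written in Python as an added example that is not part of the specification. The XCAP root, the AP address, the sample identities and the treatment of the home directory owner (XUI) as the document's creator are assumptions; the asserted-identity header value is passed in already extracted.

```python
import re
from urllib.parse import unquote, urlsplit

AUID = "simservs.ngn.etsi.org"   # AUID allocated in clause 6.2
NODE_SEPARATOR = "~~"            # RFC 4825 document/node selector separator

# Hypothetical deployment values (assumptions, not from the specification).
XCAP_ROOT = "/xcap-root"
TRUSTED_AP_ADDRS = {"192.0.2.10"}


def parse_document_selector(target):
    """Return (auid, xui, document) for a users-tree request target, else None."""
    path = urlsplit(target).path
    if not path.startswith(XCAP_ROOT + "/"):
        return None
    # Drop the node selector, then split on raw "/" before percent-decoding
    # so that an encoded slash cannot create extra path segments.
    doc_part = path[len(XCAP_ROOT) + 1:].split("/" + NODE_SEPARATOR + "/", 1)[0]
    raw = doc_part.split("/")
    if len(raw) != 4 or raw[1] != "users":
        return None
    auid, xui, document = unquote(raw[0]), unquote(raw[2]), unquote(raw[3])
    if any(s in ("", ".", "..") or "/" in s for s in (auid, xui, document)):
        return None
    return auid, xui, document


def parse_identity_list(value):
    """Parse identities separated by comma, each surrounded by quotation marks."""
    quoted = re.findall(r'"([^"]*)"', value)
    if quoted:
        return quoted
    return [value.strip()] if value.strip() else []   # single bare identity


def decide(target, peer_addr, asserted_header):
    """Return 'authenticate', 'allow' or 'deny' for one XCAP request at the AS."""
    # Header absent, or sender is not the AP: the AS has to authenticate
    # the user itself (e.g. HTTP digest) before any authorization.
    if asserted_header is None or peer_addr not in TRUSTED_AP_ADDRS:
        return "authenticate"
    selector = parse_document_selector(target)
    if selector is None or selector[0] != AUID:
        return "deny"
    # Default policy, under the assumption stated above: the owner of the
    # home directory (the XUI) is the only identity allowed to manipulate it.
    return "allow" if selector[1] in parse_identity_list(asserted_header) else "deny"


# Constructed sample requests: (request target, peer address, header value).
DOC = XCAP_ROOT + "/" + AUID + "/users/sip:alice@example.com/simservs.xml"
ALICE = '"sip:alice@example.com", "tel:+15550100"'
SAMPLES = [
    (DOC, "192.0.2.10", ALICE),                                     # owner via AP
    (DOC + "/~~/simservs", "192.0.2.10", '"sip:bob@example.com"'),  # other user
    (DOC, "198.51.100.7", ALICE),                                   # not the AP
    (DOC, "192.0.2.10", None),                                      # no header
]


def run_samples():
    return [decide(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    print(run_samples())
```
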

  <xs:element name="servicename" substitutionGroup="ss:absservice">
    <xs:annotation>
      <xs:documentation>template of a Supplementary Service XML Schema</xs:documentation>
    </xs:annotation>
    <!-- If the service needs to add children elements or attributes -->
    <!-- it can use the following complexType for such purpose -->
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="ss:simservtype">
          <xs:sequence>
            <!-- service specific elements can be defined here -->
          </xs:sequence>
          <!-- service specific attributes can be defined here -->
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
</xs:schema>

Annex A (informative): Void

Annex B (informative): Change history

Change history

Date   TSG #   TSG Doc.   CR   Rev   Subject/Comment   Old   New

Publication as ETSI TS
Publication as ETSI TS
Publication as ETSI TS
Publication as ETSI TS
Conversion to TS Technically identical copy as TS as basis for further development
CT1#51 agreed to send spec for information to plenary
The following CRs were incorporated and the editor adopted their content / structure to the structure of the TS C
The following CRs were incorporated and the editor adopted their content / structure to the structure of the TS C C C
Editorial changes done by MCC
CT#40 CP CP was approved by CT#40 and version is created by MCC for publishing
Version created to include attachments (.xml and .xsd files)
CT#41 CP Tidyup .xml and .xsd files
CT#41 CP Applicability statement in scope
